  1. #1
    Join Date
    Mar 2004
    Posts
    141

    Is there any way to protect outgoing or incoming e-mails from unauthorized access?

    Hi,
    I am using shared hosting to host my corporate Web site. Some private information, like patients' treatment history, was sent to patients by e-mail upon the patient's request. Some patients are replying to these e-mails by sending private information back.

    I am afraid of unauthorized access by data center staff or the server administrator to incoming or outgoing e-mails. Is there any way to protect outgoing or incoming e-mails from unauthorized access by data center staff or the server administrator?

    Thank you.

  2. #2
    Join Date
    Jan 2003
    Location
    Lake Arrowhead, CA
    Posts
    789
    That kind of information should probably never be sent via email in the first place. Since email is transmitted as plain text, anything sent without encryption can be read by virtually anyone, not just the host or DC staff.

    If you must send patient info via email, you need to encrypt it. Do a search on Google for "pgp email" and you will find a lot of information.
    http://www.srohosting.com
    Stability, redundancy and peace of mind

  3. #3
    HIPAA.

    You need to follow its rules. I wouldn't send information in emails. Maybe just inform them that it is ready and they can log in via SSL.
    Primal Blue Software, Inc.
    primalblue.com

  4. #4
    You should look into encryption options for email. The most popular is PGP (Pretty Good Privacy), http://www.pgp.com. An alternative is GPG, the GNU replacement for PGP, http://www.gnupg.org.

    It takes some learning to understand these products, but the privacy can be well worth it. Encryption of this nature also requires both parties to use it.

    The other option that may be better for your case is to not email the information but rather email a link to the information. This link could then be hosted using SSL. This page that contains the information could also include a feedback form that would eliminate the return mail from the patient. This type of a solution would require your patient to have a logon to your secure area where they could only view their own files, but would be easier to use than PGP.

    Still, if this information was stored on the file system, the Admin would have access to it. There are ways that you could go further to store this information encrypted on the file system. However, then you would need to decrypt it to display it. If this decryption is done with a key and that key is placed in your code, then again it could be compromised. The only secure way would be to require the key be entered on start up of the application.

    In the end, sure, there are ways to do it. Books have been written on it. But there is no way to consider standard email secure.

    Aaron
